Implied rule override explicit rule

Sunray · ‎2022-01-17

We have enabled above option as "before last" & after checking logs we are getting random ip's are still trying to connect external DNS servers.even though we have explicit rule configured for our internal DNS. Would like to know as per behaviour all DNS logs should hit to explicit rule, but not occurring in this scenario.

anyone provide me answer why external DNS request's are hitting over Implied rules (Configrued as "before last" under global properties)

even when an explicit rule has priority.

HOTFIX_R80_40_JUMBO_HF_MAIN Take: 125

Chris_Atkinson · ‎2022-01-17

To clarify you have configured a rule specifically to "drop" this DNS traffic higher in the policy that is not matching?

Perhaps it is easier to work this with TAC if you're uncomfortable with showing the relevant policy rules & log card detail here.

Sunray · ‎2022-01-18

Hello Chris,

I had allowed in any for all DNS traffic in explicit rule on higher priority but still traffic for external DNS hitting implicit rule.

Chris_Atkinson · ‎2022-01-18

As above please provide more details of the policy, log card & matched rules tab so we can help.

Sunray · ‎2022-01-19

Hello Chris

Getting SOA packet for which Implied rule action accept. I have attached all logs

These are VPN user 10.0.0.0 IP range some user hitting external DNS with SOA packet.

We are planning to disable Global Properties "Accept Domain Name over UDP (Queries )" will it impact legitimate traffic.

Implied rule override explicit rule

Enhanced MAC VLANs - Fortinet Competitive Query

Native VLAN

Threat Prevention Proxied Source IP parsing

ISP Redundancy with manual NAT for Internet

Checkpoint MAC learning problem